Personal PC Pro Blog

email scams to watch out for

2009-12-23T11:03:00.002-05:00

If it seems like you’re getting hit with more email scams than ever, you’re right. Deb Shinder explains what you and your users should watch out for to avoid being duped.

Spam is one thing. It’s annoying to get email messages that are nothing but blatant attempts to sell you something. But other than using up your bandwidth, they don’t really cause you any harm. Email scams are quite another thing. They aren’t trying to sell you something; they’re trying to steal something from you, con you out of or into something, or just scare you.

Email scams have been with us since the Internet went commercial back in the early 1990s. I remember getting those Nigerian scam messages back then. And believe it or not, they’re still around. But scammers have gotten more sophisticated, and some of the more recent email scams are harder to detect — unless you know what you’re looking for.

The holiday season seems to bring even more scammers out of the woodwork, perhaps because the average computer user is more vulnerable this time of the year. We’re busy and in a hurry and may be less likely to notice the signs that a message isn’t legit, and/or we’re in a generous and giving mood and may be more likely to fall prey to a well crafted story that plays on our sympathy.

Let’s look at some of the email scams that are currently going around the Internet and how you (and your users) can recognize them and keep from being victimized by them.

Note: This article is also available as a PDF download.

1: Fake Facebook “friend” messages

The popularity of social networking has surged, and scammers have jumped on that bandwagon to take advantage of the way the social sites work. For example, depending on your account settings, you may get email messages whenever someone posts to your Facebook wall or sends you a private message. Recently, I received a message with the subject line “Caroline sent you a message on Facebook.” As with real Facebook messages, there was a link to click on to reply. But I get a lot of those messages, and this one didn’t look quite right. Figure A shows the fake message.

Figure A

Fake Facebook message is close, but not close enough.

I clicked back to a Facebook notification that I knew was real to compare the two. Figure B shows real message (with the content blacked out to protect the privacy of the sender).

Figure B

The real Facebook message has subtle differences.

The first thing that caught my attention was the Reply To address. I expected the URL domain to be www.facebook.com, but the one in the fake message was facebook.montadalitihad.com. If you know how domain naming works, you know that means “facebook” is just the name of a Web server in the montadalitihad domain. As if that weren’t enough, I also noticed that the To field in the message didn’t show my name; instead it said “Undisclosed recipients,” indicating this message was sent to multiple people. All this was enough to cause me to check out the message headers (in Outlook 2007, you do this by clicking the Options icon. Figure C shows the headers.

Figure C

The Internet headers show that this message did not come from Facebook.

In a real Facebook message, the Received: field in the header would be from mx-out.facebook.com. In this one, it’s mail.illimail.com. Now I knew for sure that it didn’t come from Facebook.

I had opened the message in a virtual machine, so if there was malicious code attached, it wouldn’t affect my real OS. Now I clicked the Reply To link and found that it opened a page that looks very much like the Facebook login page. The red flag here was that I was already logged into Facebook with that Web browser. You should not get the login page if you’re already logged into the service. I did not, of course, enter my credentials. That’s the scam. If you do, the scammer will now have your Facebook user account and password and can hijack your Facebook site.

Of course, variations on this scam may use other popular social networks, such as MySpace or LinkedIn. If you’re in doubt about the legitimacy of any “friend” message, just log in to your social network account via your browser (not by clicking the link in the email) and check your Inbox. If the message is real, there will be a copy of it there.

2: Fake admin messages

You might just ignore a “friend” message (especially from a friend you’ve never heard of). But scammers know that a message from the site administrator is more likely to get your attention. This message pretends to be from “The Facebook Team” and purports to notify you of a policy change that requires you to submit a new account agreement. They try to scare you by warning that your account might be closed down or restricted if you don’t do it. Figure D shows this message.

Figure D

Scammers up the ante by sending fake administrative messages.

This time, the scammer did a better job with the From name, which shows to be from facebookmail.com, just like a real Facebook message. But the first clue that it’s a scam is the To address. That’s not my name, and that’s not the name of anybody in my domain. I have our Exchange server set up to forward messages to me when they’re sent to nonexistent addresses (assuming they don’t meet other spam criteria, which would block them at the server’s spam filters). Spammers and scammers often get hold of an email domain name and send messages to random names at that domain in hopes they’ll hit on a real one.

The second warning signal is the attachment. Facebook agreements don’t come as attachments; if this were real, it would direct me to a web page where I could read the new terms and click Agree. Attachments from strangers should always put you on alert.

I copied the attachment into a virtual machine and ran a virus scan on it. Sure enough, it was infected with a virus called VirTool:Win32/VBInject.gen!CN. Luckily, most antivirus programs that are up to date will be able to detect it. A check of the Internet headers on this message indicated that the Reply To address is somewhere in Germany.

3: Fear-mongering messages

While we think of scam messages as those by which the scammer profits, some don’t benefit the scammer at all — except for whatever gratification a person gets from causing others to be upset or afraid. Unfortunately, this makes some individuals feel powerful.

There are many examples of these types of messages, and they usually seem to play on the current headlines. A few years ago, there was a flood of such messages warning that if you saw another car on the road at night with headlights off and blinked yours to signal to the driver, you were in dire danger of being shot as part of a gang initiation. This article details the history of this email hoax.

Similar fear-mongering scams have warned about a serial killer who lured women out of their homes by playing a recording of a crying baby and a rapist who would approach women in parking lots claiming to have picked up a five dollar bill the woman dropped.

The latest in fear-mongering messages like to play on health fears caused by all the recent media attention to swine flu (H1N1). An email message has been going around the Internet for several months warning that “The CDC says H1N1 is wiping out entire villages in Asia and expect it to hit the U.S. in January, where it will kill 6 out of 10 people.” The message goes on to predict that martial law will be declared and you’ll be shot if you leave your house to buy food, and urges recipients to stock up now and to buy face masks, use Purell, and take Enzacta products to “keep your immune system strong.” If you weren’t already a little suspicious, you probably will be by the time you get to the end, where the sender says the pandemic was predicted years ago by a Russian mathematician and that it was caused by a tsunami. Here’s the full text of the message.

They always say that if something seems too good to be true, it probably is. The same goes for over-the-top bad news — especially if you’re hearing it for the first time in an email message. You can bet that if the CDC had really put out such an announcement, it would be all over the mainstream news outlets.

4: Account cancellation scams

It seems that around the holidays, more of these than usual start popping up. I’ve received a number of messages telling me that my account has been or is about to be cancelled — purportedly from Amazon, PayPal, even from the bank. Close examination of the messages show them all to be bogus. Of course, in many cases, I already knew that, because I don’t even have an account with the organization.

Here’s another clue: The message contains a link that looks legit, such as www.mybank.com, but when you hover your mouse pointer over it to show the actual URL, it’s something different, often with a foreign country code such as .ru (Russian) or .cn (China).

Still another clue is that these scam messages often contain typos or grammatical errors you wouldn’t expect from a legitimate company.

5: Bogus holiday cards

There are numerous Web sites through which you can send virtual holiday cards to your friends, and many people take advantage of this quick and easy — and inexpensive (no postage stamps required!) — way to send season’s greetings at this time of the year.

Scammers have co-opted the idea, though. They know that many computer users won’t think twice about clicking a link to view a card from a friend, so they send out messages notifying you that you’ve received a card, with a link to a Web site that will download malicious software to your computer if you aren’t properly protected.

So how do you tell the real card services from the scams? For one thing, when a friend sends you a card from a real service, it will almost always tell you the name of the sender. Scam messages are more likely to use the generic “A friend sent you a greeting.” The safest way to check is to do a Web search for the card service and read about it to find out if it’s a legitimate one. Or to really be safe, just ignore the card notification and send holiday greetings to your friends the old fashioned way (through the postal service) or by personal email, instead of using a Web service.

6: Phantom packages

Any other time of the year, you might be suspicious if you were notified that you had an unexpected delivery from DHL, FedEx, or UPS. During the holidays, it’s a common occurrence. Scammers know this, so they’re seizing the opportunity and sending email messages telling you that you have a package that couldn’t be delivered because of some problem with the shipping address.

This particular scam contains an attachment that’s supposed to be a form you need to print and fill out so you can pick up the package. However, there is no package and when you open the attachment, it infects your computer with a virus.

Also beware of variations on this theme. Many people know not to download email attachments, but they’ll readily click a link to go to a Web site. So more sophisticated scammers will send you to a site that looks like that of the delivery service, but that delivers only malware — straight to your system.

7: Threats from the government

A sharply divided partisan political system has resulted in a growing distrust of government in many circles. Some scammers are now playing on those sentiments. A recent scam email has been going around that purports to warn you that the Department of Homeland Security and the FBI have been informed that you’re allegedly involved in money laundering and/or terrorist activities. The email goes on to say that you can avoid prosecution by obtaining a certificate from the Economic Financial Crimes Commission Chairman — for only $370. Who wouldn’t jump at that deal?

Many similar scams use the names of government agencies. Of course, they’re all hoaxes. If you were really the target of a DHS or FBI investigation, you wouldn’t be able to buy your way out of it for a few hundred bucks. And those agencies would be contacting you in person, not sending threatening email messages.

8: Census survey says…

Another recent email scam also involves the federal government, but instead of accusing you of a crime, it uses your knowledge of real, routine government activities against you. Everyone knows that the U.S. government conducts a census every 10 years, and 2010 is the year. Citizens are required by law to answer the census-takers’ questions. Most people also know that many government-related tasks can now be done online.

Scammers are taking advantage of this to send phishing emails that claim to be from the Census Bureau, making it “convenient and easy” for you to fulfill your census obligation, either by filling out an attached form and emailing it back or by visiting a Web site to fill in a form. The form asks for all sorts of personal information, including the social security number and date of birth of everyone in your household, which can be used for identity theft.

In addition to asking you these personal questions, the emails may include attachments containing malicious code that can infect your computer. The same goes for the Web links contained in the email message. The Census Bureau does, in fact, send email regarding your participation in a survey — but it does not ask for detailed personal information.

9: In Microsoft (or Apple or Dell or HP) we trust

There are dozens of email scams out there that attempt to exploit users’ trust in the vendors that make their computer software or hardware. These messages say they’re from the vendor and range from fake security warnings with attachments that claim to be vulnerability fixes (but are really malware) to bogus “special offers” to “payment requests” that require you to download and install a “transaction inspector module” (which is really a Trojan) if you want to decline to have the payment charged to your credit card.

10: You’re a winner!

There are many new twists on an old theme: You’re a winner in the lottery, contest, or drawing. All you have to do to claim your prize is fill out a form and email it back. Of course, the entity awarding the prize needs your social security number because the value of the prize must be reported to the IRS.

The bad thing about this scam is that you will indeed have to provide such information to claim a prize in a legitimate contest. As a Microsoft Windows 7 Launch Party host, I was automatically entered in a contest to win a Dell laptop — and I won. When I got the email notification, you can bet I was suspicious. Before doing anything, I checked it out with my contacts at Microsoft. Even after confirming that the notice was real, I declined to send my personal information back via email; I printed out the form and sent it via snail mail (registered and certified) instead.

Even if you really did enter the contest that you’re being told you won, don’t get careless. Check into the legitimacy of an email notification of the good news. And I recommend never sending your social security number or other sensitive information in unencrypted email. A legitimate contest will almost always have alternatives methods by which you can submit your information.

Source: TechRepublic

Recognizing phishing e-mails

2009-11-17T11:01:00.002-05:00

If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing.

Phishing attacks have spiked this year, according to recent reports. The Anti-Phishing Working Group reports that there were more than 55,600 phishing attacks in the first half of 2009 alone. Phishing is particularly dangerous because once criminals get a victim's password for one Web site they can often use it to get into other accounts where people have re-used the password.

And anyone can be at risk. The wife of FBI Director Robert Mueller banned him from doing online banking after he came close to falling for a phishing attempt.

Here is some basic information that can help people avoid being tricked by phishing attacks.

What is phishing?
Phishing is an attempt, usually via e-mail, to trick people into revealing sensitive information like usernames, passwords, and credit card data by pretending to be a bank or some other legitimate entity. The e-mails typically include a link to a Web site that appears to be legitimate and which prompts users to provide information. Sometimes, the phishing e-mail will include a form in an attachment to fill out. One common tactic phishers use is to pretend to be from the fraud department of a financial institution or online retailer like PayPal and ask for information to be provided to prevent identity fraud. In one case, a phishing e-mail purporting to be from a state lottery commission asked recipients for their banking information so their "winnings" could be deposited into their accounts.

Phishers also are increasingly exploiting interest in news and other popular topics to trick people into clicking on links. One e-mail purportedly about swine flu asked people to provide their name, address, phone number, and other information as part of a survey on the illness. And users of social networks are becoming popular targets. Twitter users have been directed to fake log-in pages.

Attackers are also turning to instant messaging to lure people into their traps. In one recent scam a live chat window was launched via the browser. The scammer communicated to victims via the chat window, pretending to be from a bank and asking for additional information.

This phishing e-mail looks legitimate and even offers to provide tips on how to avoid fraud and spoof e-mails.

(Credit: Screenshot by Elinor Mills/CNETNews.)

What are other recent examples of phishing attacks?

A recent e-mail scam asks PayPal customers to provide additional information or risk getting their account deleted because of changes in the service agreement. Recipients are urged to click on a hyperlink that says "Get Verified!"
E-mails that look like they come from the FDIC include a subject line that says "check your Bank Deposit Insurance Coverage" or "FDIC has officially named your bank a failed bank." The e-mails include a link to a fake FDIC site where visitors are prompted to open forms to fill out. Clicking on the form links downloads the Zeus virus, which is designed to steal bank passwords and other information.
E-mails that look like they come from the IRS tell recipients that they are eligible to receive a tax refund and that the money could be claimed by clicking on a link in the e-mail. The link directs visitors to a fake IRS site that prompts for personal and financial information.
A legitimate-looking Facebook e-mail asks people to provide information to help the social network update its log-in system. Clicking the "update" button in the e-mail takes users to a fake Facebook log-in screen where the user name is filled in and visitors are prompted to provide their password. When the password is typed in, people end up on a page that offers an "Update Tool," but which is actually the Zeus bank Trojan.

What are some tell-tale signs of a phishing attempt?
Many phishing attempts originate from outside the U.S. so they often have misspellings and grammatical errors. Some have an urgent tone and they seek sensitive information that legitimate companies don't typically ask for via e-mail.

What should I look for in an e-mail?
Check the sender information to see if it looks legitimate. Criminals will choose addresses that are similar to the one they are faking. For instance, phishers have used "Alerts@Paypal.co.uk." However, legitimate PayPal messages in the U.S. come from Service@paypal.com" and include a key icon. Most phishing e-mails come from outside the U.S. so an address ending in ".uk" or something other than ".com" could indicate it's a phishing attempt.

The e-mail address may also be obscured. Hitting "reply all" may reveal the true e-mail address. You can also set your e-mail preferences to show "full header" to see the full e-mail address and other information. If you are at all unsure whether the e-mail is legitimate, go to the company's Web site to see the address listed.

Legitimate companies tend to use customer names or user names in the e-mail, and banks often will include part of an account number. Phishing emails typically offer generic greetings, like "Dear PayPal customer."

Inspect the hyperlinks inside the body of the e-mail. Phishers typically will use subdomains or letters or numbers before the company name, and sometimes the words in the links are misspelled. For example, www.BankA.security.com would link to the 'BankA' section of the 'security' Web site. Often, it's difficult to tell if the link is legitimate just by looking at it. By mousing over the link you can see the real address on the bottom of most Web browsers.

In addition, PayPal, Amazon, banks, and many other businesses use the SSL (Secure Sockets Layer) protocol which is designed to ensure that customers are visiting the real site. That means https:// will be seen in the URL address bar instead of just http:// and usually there will be some other change in the address bar. For instance, PayPal displays a "P" and its name is highlighted in green at the front of the URL. The major browsers have antiphishing measures designed to detect malicious sites. Some phishers also try to hide the real Web address they are sending victims to by using URL shortening services.

If the e-mail has an attachment, be wary of .exe files. Scammers like to hide viruses and other malware there so it executes when opened.

Do not be fooled by the look of the Web site you may be directed to. The Web site may look just like a real bank or PayPal page, including the use of the real logos and branding. It could be a good fake page or it could be a legitimate page with a phishing pop-up window on top.

How can phishing attacks be avoided?

Try to stay off spam lists. Don't post your e-mail address on public sites. Create an e-mail address that is less likely to get included in spam lists. For instance, instead of bobsmith@xyz.com, use bob.smith.az@xyz.com.
If an e-mail looks reasonable contact the company directly if you receive an e-mail asking you to verify information. Type the address of the company into the address bar directly rather than click on a link. Or call them, but don't use any phone number provided in the e-mail.
Don't give out personal information requested via e-mail. Legitimate companies and agencies will use regular mail for important communications and never ask customers to confirm log-in or passwords by clicking on links in e-mail.
Look carefully at the Web address a link directs to and type in addresses in the browser for businesses if you are uncertain.
Don't open e-mail attachments that you did not expect to receive. Don't open download links in IM. And don't enter personal information in a pop-up window or e-mail.
Make sure you are using a secure Web site when submitting financial and sensitive information.
Change passwords frequently. Don't use the same password on multiple sites.
Regularly log into online accounts to monitor the activity and check statements.
Use antivirus, antispam, and firewall software and keep your operating system and applications up-to-date.

Source: Elinor Mills, CNet.com

Which Date Works – Free online event planning software

2009-10-16T10:37:00.002-04:00

Need to plan an event with a group of friends who live all over the country or all over the world? Maybe a baby shower or a vacation to Mexico? A good way to plan these type of events is to use event management software instead of email.

Which Date Works is a nitfy little online group planning and invitation management site that makes planning an event really easy.

Note that this kind of service is only useful if you have not already picked out a date for an event, but want to ask everyone which date works best for them.

Here’s how the whole thing works. First, you give you event a name and some details about the event such as the location, etc, etc.

Now you will go ahead and put in the email addresses of everyone who will be involved in this event. You can also quickly import contacts from Gmail, Yahoo! and other email services.

Next, everyone picks the dates on the calendar that they are available and the days that are not good.

After people start responding, you will be able to see which dates everyone picked. The calendar also has numbers indication how many people were available or not on that particular day.

Lastly, you finalize the date for your plans and Which Date Works will send out an email to everyone letting them know when the plans are taking place.

What’s nice about the service is that no one has to sign up, including you! You can do everything on the site without having to login or create an account, which is great!

Source: Online Tech Tips

Use Google Picasa to Face-Tag Your Photos

2009-10-14T12:05:00.002-04:00

As you've probably discovered after years of taking digital snapshots, keeping a photo library organized can be a nightmare. Far and away your best ally: tags, which are little descriptors attached to each photo.

Unfortunately, it's a major hassle to manually assign tags, which is where the new automatic-tagging feature in the just-released Google Picasa 3.5 comes in.

When you first run the new version, it starts scanning your library for faces, automatically grouping those that look similar (and with impressive accuracy, based on initial tests).

To get started with face tagging, click the Scanning option under the new People section in the lefthand toolbar. (Depending on the size of your library, it might take Picasa several hours to complete its initial scan--but you can start tagging while it's working.)

You'll immediately see a batch of faces in the main pane. Click Add a name under any one of them, type the person's name, and then hit Enter.

In the dialog box that appears, click New Person, and then click OK. (You can also supply a nickname and/or e-mail address at this point; Picasa can sync these tags with your Picasa Web Albums.)

Repeat the process with other faces. If you want Picasa to ignore a face (you might not want to tag everybody, after all), just click the little x in the corner.

Each "new person" you add creates a tag in the aforementioned People section. Click one of those tags to see all the matches Picasa has detected. You can refine these matches further by selecting one or more photos, then clicking the green checkmark if they're accurate (i.e. the correct face) or the red x if they're not.

The more you fiddle with this feature, the more sense it will start to make. Keep in mind that all this scanning and tagging makes no actual changes to your photos. Ultimately, it's just a quick way to find all your photos of, say, Fluffy the Dog, or your Uncle Ed. Great stuff.

Source: Rick Broida, PC World

Get a free, disposable phone number from inumbr

2009-10-07T09:47:00.001-04:00

Savvy online shoppers will often use disposable credit-card numbers (which are available from PayPal and some banks) to protect their privacy.

Here's a perfect companion: inumbr, which gives you free, temporary phone numbers. These throwaways are ideal for things like Craiglist ads, where you might want to include contact information--but not your contact information.

To use inumber, choose your closest city or area code (the service has roughly two dozen of them), then specify how long you want the number to last: an hour, a day, or a week.

Next, enter your real phone number, which is where inumbr will forward incoming calls. You'll also need to supply an e-mail address in order to activate the temporary number.

Once you've done that, you can log into the service and access a wealth of options, including extending the expiration date, adding a second number (in case you can't be reached at the first one), and even checking voicemail.

All this is free, believe it or not, making inumbr a must-bookmark site.

Source: PC World

Use GMail’s 8GB As Storage In Windows Explorer

2009-09-23T20:56:00.003-04:00

Google offer a very healthy 7372 MB of storage to it’s GMail users.

This guide will show you how to add your GMail account to Windows Explorer, thus enabling a drag & drop system for you to use you GMail account as additional storage on your computer. Even if you don’t use GMail as an email provider nobody can turn down an extra 8GB of storage, can you?

Be aware that support for this tool may suspend at any time if Google decides to block its use.

To get started, download the latest version of GMail Drive from www.viksoe.dk/gmail/ and install it.

You’ll notice that it’s dropped an addition to your ‘Computer’ in Explorer.

Right click the GMail Drive in Computer an select Login As…

Enter your vital statistics and hit OK

You may get a window saying “enumerating folder”. Try not to disturb Explorer or this window whilst it’s working.

Once your in, it’s a simple case of dragging and dropping your documents, pictures, music into the GMail Drive.

It’ll instantly sync your GMail Drive with your online GMail account, where you can view the item, download, or view as a Google Document.

Source: Mintywhite

Make a vertical text selection in Word

2009-09-22T09:47:00.002-04:00

Every once in a while, you may need to select a portion of text from top to bottom instead of from left to right. This obscure mouse shortcut will handle the job.

Here’s a trick that seldom appears on the shortcut lists. Most of the time, we select text horizontally — a word, a series of words, a paragraph — from left to right or vice versa. But occasionally, the selection has to be vertical. For instance, suppose you wanted to delete the leading characters in Figure A.

Figure A

To make a vertical selection, hold down [Alt] as you drag down through the text you want to highlight. Figure B shows the column of unwanted characters selected using this technique. Hit [Delete] and bam, they’re gone.

Figure B

Although we selected text at the beginning of the lines in this example, you can make vertical selections anywhere on the page.

Note: Some users have reported that the Research pane appears when they try this selection technique. Here’s the secret: Release the [Alt] key before you let up on the mouse button. Word should retain the selection. If you hold down [Alt] but release the mouse button, Word may think “[Alt]-click” and open the Research pane in response.

Source: Techrepublic

Mac Malware

2009-08-29T11:46:00.001-04:00

An Apple-specific DNS changer Trojan has been detected by Trend-Micro. It is named JAHLAV-K and it comes in a mountable Disk Image File (.dmg).

If users get infected with this file, their browsers would redirect to phishing sites and some of them would also redirect to sites that offer fake anti-virus programs.

Sophos warns that the pirated version of “Foxit Reader for Mac” comes with this trojan. “While imitation may be the sincerest form of flattery, we are not happy about the recent malware attacks masquerading as our Foxit Reader,” said the vice president of sales and marketing at Foxit Corporation.

Source: Technibble

10 Useful Office Tips to Increase Productivity

2009-08-07T18:22:00.002-04:00

#1: Format painter (Office)

The Format Painter tool replicates the formatting from one part of a document to another. So instead of manually redoing all the formatting yourself, you can use the Format Painter. First, select the text whose formatting you want to replicate. Then, click the Format Painter toolbar button. Finally, select the text you want to imbue with the format. For bonus points, you can double-click the Format Painter button to replicate the formatting to multiple areas of the document!

#2: Paragraph in/out/up/down (Office)

You can easily move a paragraph in four directions by pressing Alt+Shift+[Arrow]. To increase or decrease the indentation level of a paragraph or bullet point, press Alt+Shift+Right and Alt+Shift+Left respectively. To move a paragraph up or down, press Alt+Shift+Up or Alt+Shift+Down. This works especially well in PowerPoint, where it's common to reorder bullet points or change indentation levels.

#3: Increase or decrease font size (Office)

To quickly increase the font size of selected text, press Ctrl+Shift+>. To decrease the size, press Ctrl+Shift+<. I find it easy to remember these keyboard shortcuts because the one with the greater-than symbol increases the font size while the less-than symbol decreases it.

#4: Quick Access Toolbar (Office)

Office 2007 has a Quick Access Toolbar that can be customized to include buttons for your favorite commands. The Quick Access Toolbar is in the top left corner of many Office applications. You customize it by clicking on the drop-arrow on its right.

#5: Fill handle (Excel)

Excel can auto-fill cells in eerily smart ways. Instead of manually typing a sequence in cells, you can simply type the first few values of the sequence and drag the fill handle to auto-fill the rest of the cells. The fill handle is the little black square at the lower right corner of a selected cell's border. Drag it to automatically fill adjacent cells.

If you drag the fill handle with only one cell selected, it will repeat that cell's value into adjacent cells. However, if you drag the fill handle with multiple cells selected, Excel is smart enough to figure out the series. For instance, in the following example, Excel will fill subsequent cells with the increasing series of odd numbers. This even works for other types of series, like dates and percentages.

#6: Moving and copying cells by dragging selection borders (Excel)

Quite possibly the most useful yet completely undiscoverable feature in Excel is the ability to move and copy cells by dragging selection borders.

For instance, to move row four between rows one and two, select row four and drag the selection border while holding down the Shift key in order to insert it in its new position. If you drag the border without holding down the Shift key, the selected cells will instead replace the cells you drop them on. Conversely, if you hold down Ctrl while dragging a selection border, the selected cells are copied to their new location.

#7: Status bar statistics (Excel)

The status bar in Excel shows handy statistics when multiple cells are selected. In Excel 2007, the status bar shows the selected cells' average, count, and sum. This is an easy way to quickly analyze data without authoring formulas.

#8: Clear formatting (Word and PowerPoint)

To remove formatting from selected text, press Ctrl+Spacebar.

#9: Advanced field search (Outlook)

In Outlook, you can quickly search through a mail folder by using the Instant Search box. In addition to searching for keywords, you can do a fielded search by prefixing your search text with a variety of field names.

For instance, the above example searches for all mail from people named "jimmy" sent in May with attachments that have "jpg" in the filename. I most often use this feature for two things: to easily find email from a specific person, and to find specific attachments.

#10: Presenter view (PowerPoint)

PowerPoint has for many years had a great feature called Presenter View, which allows you as the presenter to see a different view of the presentation from your audience. In Presenter View, your monitor shows not only the slides, but also your notes as well as the current elapsed time in the presentation. This makes giving a presentation far easier. To enable Presenter view, go to the Slide Show ribbon and check Use Presenter View. In that same section, you can also change the monitor which the presentation is shown on. One note: the Use Presenter View checkbox can only be checked if you already have a second monitor connected and enabled.

Source: Philip Su, Microsoft

Help Lost Gadgets Find Their Way Home

2009-07-22T10:40:00.003-04:00

Have you ever left something in a taxi, on an airplane, etc. --and never saw it again? Perhaps the person who eventually picked it up wanted to return it, but didn't know how because the gadget had no identification attached.

Enter SendMeHome, a free service that helps reunite people and their stuff. All you do is register an item--any item, really, from electronics to sports equipment to luggage--then print a specially coded label and tape or glue it on.

If someone finds your item, they just visit the SendMeHome site (the URL appears on the label), enter the code, and send you a message. From there it's up to you to arrange the item's return.

That makes SendMeHome a bit different from StuffBak, a similar service that offers a toll-free phone number finders can call, covers their shipping costs, provides a reward (in the form of StuffBak labels), and so on.

Of course, you pay a few bucks (upwards of $30) for all those services, and you have to buy StuffBak's labels. SendMeHome costs nothing to use, though you can order a sheet of eight weather-proof vinyl labels, in varying sizes, for $4.

Obviously there are no guarantees that these labels will help you recover lost items--but at least you know that an honest person can easily return your smartphone, digital camera, and other gadgets.

Source: PC World

Logitech Vid Offers Free and Easy Video Calling

2009-07-15T16:55:00.003-04:00

When you think of Logitech Vid (free with some restrictions), think of an easier-to-use version of Skype with superior quality. The most salient reason for the ease of use verdict comes from the simple fact that you choose people to chat with by their e-mail and a photo they take when they sign up, not some potentially obscure screen name. There's also a simple but intuitive onscreen interface.

If you're a Logitech Webcam owner looking for free and easy-to-use video calling software, Logitech Vid is a good bet.

After signing up for a Vid account, the first thing you're asked to do is pose for the aforementioned photo that will accompany your profile. Vid automatically recognizes the Webcams and mics on your computer, though the PC World reviewer had to increase the volume a skosh on the PC. There aren't a huge number of settings to tweak either: automatic answering of calls, noise reduction, devices, and volume settings. That's a good thing as Vid is trying (and succeeding) to make video calling easier. In short, setup is a breeze.

Vid leverages the SightSpeed technology it bought a while back. It doesn't retain the SightSpeed client's ability to conference 9 people, it does preserve SightSpeed's audio/video quality.

Logitech Vid is simple to use, and it's free for anyone who owns a Logitech Webcam of any vintage or has a Logitech Webcam owner on their list. You may also try Vid with another company's WebCam for 30 days, however, after that you'll have to buy a Logitech device or make friends with someone who has one to keep on keepin' on.

Source: Jon L. Jacobi, PC World

10 handy Firefox about:config hacks

2009-07-14T10:09:00.002-04:00

If you really want to fine-tune your Firefox functionality, you have to roll up your sleeves and tinker with the about:config page. Jack Wallen shares some simple hacks to make Firefox work the way you want.

Unless you’re a Firefox power user, you may not be familiar with the about:config page. The Firefox about:config page is not so much a page as it is a somewhat hidden configuration section. It’s hidden because it’s fairly powerful and not nearly as simple to use as the standard Preferences window. In the about:config page, you have to know what you are doing or you can mess things up a bit. In fact, when you attempt to go to that page for the first time, you have to accept an agreement (which is really just a warning) before you can continue.

How this page works is simple. You reach the page by entering about:config in the address bar. There are entries (one per line) that handle various types of configurations. Each entry has a searchable keyword. The entries can be of Boolean, integer, or string value. Entries contain Name, Status, Type, and Value. Typically, you will be modifying only the Value, by double-clicking on it and making the change. With all of that in mind, let’s take a look at 10 of the best ways you can “hack” the about:config page.

Tip

If Firefox is fubar’d because you accidentally misconfigured about:config, you can fix it in one of two ways:

Make a backup of your prefs.js file before you start editing. Then, if something goes wrong, you can restore it by copying it over the corrupt file.
If you can’t restore via a backup prefs.js file, you can exit Firefox and issue the command firefox -safe-mode to bring up the Firefox Safe Mode screen. Then, just select Reset All User Preferences To Firefox Defaults. Note: This will restore all user preferences to their default values.

1: Speed up Firefox

This hack requires a few steps. Search for pipelining in the filter and you should see:

network.http.pipelining: Change this to true.

network.http.proxy.pipelining: Change this to true.

network.http.pipelining.maxrequests: Change this to 8.

Now search for max-connections and you should see:

network.http.max-connections: Change this to 96.

network.http.max-connections-per-server: Change this to 32.

2: Disable antivirus scanning

This is only for the Windows version. If you’re downloading large files, this scanning can seriously slow things down. And since you will most likely scan the downloaded file anyway, you’ll probably want to disable this. Of course, if you are uber paranoid (not a bad trait for computing), you might want to leave this entry alone.

To disable antivirus scanning, search for scanWhenDone and you should see:

browser.download.manager.scanWhenDone: Change this to false.

3: Open Javascript popups as tabs

If a popup window lacks the features of a browser window, Firefox will handle it like a popup. If you would prefer to open all windows, including popups, as new tabs, you need to tell Firefox in about:config. Search for newwindow and you will see three entries. Of those three entries, you will want to modify:

browser.link.open_newwindow.restriction: Change this to 0.

4: Spell checking in all fields

By default, Firefox checks spelling only in multiple-line text boxes. You can set it to check spelling in all text boxes. Search for spellcheckdefault and you should see:

layout.spellcheckDefault: Change this to 2.

5: Open search bar results in new tab

When you use the search bar, the results display in the current tab. This can be a nuisance because you will navigate out of the page you are currently in. To make sure Firefox always opens search results in a new tab, search for openintab and you should see:

browser.search.openintab: Change this to true.

6: Auto export bookmarks

In Firefox 3, bookmarks are automatically saved and exported for you. The only problem is that by default, they’re saved as places.sqlite instead of the more convenient bookmarks.html. To change this setting so that they can be easily re-imported, search for autoExportHTML and you should see:

browser.bookmarks.autoExportHTML: Change this to true.

7: Disable extension install delay

One of the few gripes I have with Firefox is the silly countdown you must endure every time you want to install an extension. Fortunately, this can be disabled. Search for enable_delay and you should see:

security.dialog_enable_delay: Change this to 0.

8: View source code in an external editor

When you need to view the source of a page, it opens up in browser popup. Most developers would probably like to have that opened in their favorite editor instead of having to cut and paset. To do this, there are two entries to modify. Search for view_source.editor and you will see:

view_source.editor.external: Change this to true.

view_source.editor.path: Change this to the explicit path to your editor of choice.

9: Get more add-on search results

When you do a search in the Add-on window, you’ll see just five results. You might find it more efficient to increase this number. Search for getAddons and you should see:

extension.getAddons.maxResults: Change this to 10 (or higher, if you want to see even more).

10: Redefine the Backspace button

Did you know you can configure Firefox to use the backspace button to either go back a page or go up a page? This keeps power users from having to go back and forth from the keyboard to the mouse. Search for backspace and you will see:

browser.backspace_action: Change this to 0 for previous page and 1 for page up.

Source: Jack Wallen, Techrepublic.com

Fake e-mails to patch Outlook lead to malware

2009-07-02T21:42:00.002-04:00

All Windows users need to be aware that Microsoft never links to downloads in its e-mail messages, but always requires a visit to a security bulletin landing page to download a patch.

If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.

These fake Outlook patch alerts have affected PC users worldwide. As the Sophos blog explains, if you follow the instructions in the bogus message, it results in your running nasty hacker code.

Actual security bulletin notices from Microsoft are quite dull. They never include direct links to the downloadable patch. Instead, they require you to go to a bulletin landing page. Most importantly, they're always signed with a PGP signature. (See Figure 1.)

Figure 1. Microsoft's security-bulletin e-mails are always identified as PGP SIGNED.

When in doubt, always download patches directly from the Microsoft Update site. Even considering the recent problems with update notifications that don't always appear in Windows as expected — see this week's Top Story for details — you should always download updates for Windows and other Microsoft software only from Microsoft servers.

Source: Windows Secrets

Transpose Excel data from rows to columns, or vice versa

2009-06-25T09:51:00.001-04:00

When you need to flip-flop data in an Excel worksheet, don’t waste time doing it manually. Excel offers a handy Transpose option that will quickly take care of the task.

Here’s a tip that eliminates the need to rekey data. Suppose you’ve entered your data with three column headings running across Row 1 and four row headings running down Column A, like the ones shown in Figure A.

Figure A

After working with the data for a while, you decide you’d rather have the current set of row labels (months) running across the columns. Whatever you do, don’t even think about rekeying the data.

You’ll find the best solution on the Paste Special menu. Start by selecting and copying your entire data range. Click on a new location in your sheet, then go to Edit | Paste Special and select the Transpose check box, as shown in Figure B. Click OK, and Excel will transpose the column and row labels and data, as shown in Figure C.

Figure B

Figure C

Note

You aren’t limited to using the Paste Special | Transpose option to rearrange multiple rows and columns of data. It works just as well when you need to turn a single row of labels into a column, or vice versa.

Source: Tech Republic

Two new Mac attacks surface

2009-06-11T19:47:00.002-04:00

This is the message visitors to the porn site get which tricks them into installing an ActiveX object to watch a video but instead downloads a Trojan.

(Credit: Sophos)

Security experts have discovered two new attacks targeting Mac users, a new version of a worm and a Trojan hidden inside a porn site.

Sophos on Wednesday discovered a new version of the Mac OS X Tored worm, according to a Sophos blog post.

On Tuesday, Paretologic warned about a porn site that was downloading malware that targets both the PC and the Mac. Mac users get redirected to the pagemac.php page, which downloads a QuickTime.dmg file, the blog post says.

Sophos explained in blog post on Thursday that visitors to the malicious porn site are told they have to download an ActiveX component to view the videos. Instead, a Trojan, dubbed OSX/Jahlavc, gets downloaded.

"As we've demonstrated before, and as we'll no doubt explain again, the Mac malware threat is real," writes Sophos security researcher Graham Cluley. "Hackers are deliberately planting malicious code on Web sites, and using social engineering tricks to fool you into installing it onto your computer."

An Apple spokesperson did not immediately respond to a request for comment.

Source: Cnet, by Elinor Mills

Losing Yourself in HDTV Is a Few Tweaks Away

2009-06-11T14:48:00.003-04:00

You have just unpacked the new 50-inch widescreen HDTV that you have been lusting after for months. You turn it on and that gorgeous picture that wowed you in the electronics store looks absolutely ... crummy.

Most likely, there’s nothing wrong with your TV; but unlike the admonition in the classic science-fiction series “The Outer Limits,” this is one time when you do need to adjust your set.

When you watched that new LCD or plasma set in the store, you saw a picture that was meant to grab your eye. The best way to do that in a bright, noisy, fluorescent-lit place is to crank up the brightness, pump up the colors and set the LCD backlight on max.

Which is the worst thing you can do when you get the TV home.

What works well in Best Buy and Wal-Mart will not give you the same enviable results at home. Your living room is (hopefully) not lighted with fluorescents. Warmer lighting demands different settings from a TV to produce pleasing, natural-looking colors and images.

Set manufacturers try to make the job easy by providing a number of preset picture modes. Variously labeled “vivid” (the one used in stores), “cinema,” “game,” and “custom,” they are attempts to take the guesswork out of getting the best picture in your home. But as every home is different, creating the right picture for your place requires a few minutes’ simple tweaking.

Turn Down the Lights

“This is the No. 1 thing to do,” said Mark Schubin, an Emmy-winning television engineer and a technical consultant for the Metropolitan Opera. The picture’s contrast ratio — a commonly used specification that indicates the range of brightness from white to black — is measured in absolutely pitch-black rooms. But no one’s room is absolutely pitch black, and the brighter your room, the more likely your TV will lack detail in the darker parts of an image. If you cannot lower your room’s lighting, make sure that direct light does not hit the screen, it will wash out the picture.

LCD TVs create their images with a fluorescent or LED backlight; typically they are turned to their maximum setting at the factory. Gary Merson, owner of HDTVGuru.com, recommends turning them down to at least half that level.

Set the Brightness

A picture’s black level is controlled by the TV’s brightness adjustment; it needs to be set dark enough so that the screen displays rich, deep blacks. Set too low, many images will lose their detail. Set the black level too high, the picture will look muddy.

Black level is important because the truer the blacks, the greater the perceived sharpness of the TV image. A muddy picture will look less sharp than one that has true blacks.

To get the proper black level, you can use a PLUGE pattern, which typically consists of six vertical bars of varying black levels. Turn the picture level down until one of the bars disappears against the background. PLUGE patterns, and other patterns discussed here, are available on a variety of TV tuning discs.

Users can choose Digital Video Essentials, created by the industry expert Joe Kane, or the Avia II Guide to Home Theater. In addition, more than 300 DVD and Blu-ray movies, like “The Abyss,” the Indiana Jones series, and “Titanic,” include a range of calibration patterns created by THX, the company whose familiar certification logo precedes many movies (for a complete list go to thx.com/home/dvd).

If you prefer to wing it, you can make the adjustments without buying a calibration disc. For example, while watching a dark scene in a movie, turn the brightness/picture control down until the detailed areas in a dark part of the frame disappear, then turn it back up until you can just make out some detail.

Adjust the Contrast

Now that you have set the picture’s black level, you can maximize the image’s whites using the contrast control. The trick is to adjust the set to get the best white level while still maintaining detail in the whites. You don’t want the whites to be so intense that, when you look at a bright scene, it looks as if you’re in a whiteout on a ski slope.

Again, the simplest way to do the adjustment is to use a pattern on a tuning disc or as part of a THX-certified DVD. Otherwise, find a bright scene on a movie — a woman’s white wedding dress, for example — and adjust the contrast control so the dress retains detail, like fabric folds or buttons, without becoming a mass of indistinguishable white.

Keep the Color in Check

Most sets display colors that are much more saturated than in real life, making the world look like a comic book. At first, softer, natural colors may look too muted, but after a few days you will find them more pleasing.

Adjust the color control until people look the way you would expect them to in real life: Turn the color down until it almost disappears, then raise it until you get to the desired level.

Next, look at some grass and make sure the greens look correct. If not, you may need to tweak the color control. Because the color and the hue controls interact, it may be necessary to go back and forth between the two until you get the color right.

If you can’t tell one face from another or have no idea what color grass really is, color bars on the testing discs help automate the process. To make it work, you adjust the color control while looking at a series of differently colored bars through a blue filter, until the entire pattern looks uniform.

Filters are included with tuning discs; if you use a THX pattern on a DVD, you can buy blue filter glasses for $2 from THX’s Web site.

Note the Time of Day

The settings you have created will be appropriate for the time of day that they were made. If you did the settings during the brightest part of the day, the contrast control will need to be lowered at night. All other controls should be able to remain the same.

Consider the Source

On many modern TVs, setting the picture controls when watching a DVD or Blu-ray disc will not affect the settings when you move to another input, like satellite TV. In that case, you will need to readjust the settings for that other program source. As long as you have written down the settings, that should be simple.

Save Some Money

Now that you have spent several thousand dollars on a new flat-panel TV and a surround sound system, you may be tempted to kick in a few hundred more to buy top-of-the-line cables to connect every component.

One word of advice: don’t.

“Cheap cables that cost 75 cents per foot work as well as those that cost $100 per foot,” said Mr. Kane. “With the latest HDMI cables, if you see a picture and hear the sound, you know it works.”

Source: By ERIC A. TAUB, NY Times

Big-name sites spread latest malware infections

2009-06-11T14:29:00.002-04:00

Going by such names as Gumblar, JSRedir-R, Martuz, and Beladin, a new generation of malware has managed to surreptitiously place malicious JavaScript code on tens of thousands of popular Web sites.

The hacker scripts try to infect site visitors and then attempt to use their compromised PCs to spread the infection to yet other sites.

Over the past month, the security services ScanSafe and Sophos have reported infections on such major Web sites as ColdwellBanker.com, Variety.com, and Tennis.com. Niels Provos reported in the Google security blog on June 3 that sites infected with Gumblar numbered about 60,000. Visitors became susceptible to infection simply by opening the sites in Internet Explorer.

After the script infects a PC, it attempts to spread its code to any Web site accessible via that machine's FTP client, if one is present. Webmasters often use FTP to make changes to the sites they manage. If FTP software is configured to save a webmaster's sign-in information, the malware can edit itself into a Web site's pages.

Once a PC is running this class of malware, the hacker code tries to trick the user into opening infected PDF and Flash files. If the PC has an unpatched version of Adobe Reader, Acrobat, or Flash, opening an infected file can install a keylogger or other malware. In the case of Gumblar, Google search results in an Internet Explorer window are rewritten — in a way that end users may not notice — so the links point to hacker sites laden with infected PDF and Flash.

Security firms have made efforts to block domains that serve as malware destinations in this latest round of attacks. But the bad guys quickly move to substitute other domains in what has been compared to a game of Whack-a-Mole.

Meanwhile, it's not so easy to shut down a well-known, legitimate site that's infected (although many such sites have quickly been cleaned up). You can't protect yourself simply by visiting only "trusted" sites, because there's no easy way for an end user to determine whether a legitimate site is infected.

Fortunately, you can stack the odds in your favor by following the guidelines in the Windows Secrets Security Baseline:

Step 1: Use a hardware firewall.
Step 2: Install a set of security software.
Step 3: Scan your system regularly with a software-update service (more on these below).
Step 4: Use Mozilla's Firefox or Google's Chrome browser, both of which are more secure than Internet Explorer.

Source: Windows Secrets Newsletter

Powerpoint Patch for Windows

2009-05-17T12:29:00.002-04:00

Microsoft issued a patch for critical vulnerabilities in PowerPoint this week after a bit of a wait. Mac users will continue to wait, however. PowerPoint's vulnerability was widely known and there apparently were others kept under wraps until Microsoft could issue a patch. Attackers looking to take advantage of the flaw did so by tricking users into opening a PowerPoint file, either by email or other means. Opening the file allowed malicious code to be injected.

Once injected the Trojan attempts to communicate with the Windows update site as a check for an internet connection. Once an internet connection is established, the Trojan sends computer identification and location information (computer name, IP address, OS), performs a directory search, lists the contents of the system, and downloads an update or additional malware.

In short, the virus tells a hacker exactly what's on a victim's computer, and the hacker decides whether or not to take action based on that information.

Microsoft has released a patch applicable to all versions of PowerPoint back to 2000. It should be available via Windows update or by clicking "Check for Updates" in the help menu of PowerPoint.

Mac users running 2004 or 2008 versions will have to wait as the patch for those versions are still in development. Until then security experts recommend caution when opening PowerPoint files from unknown or suspicious sources. Microsoft rates the vulnerability as critical.

Source: SecurityProNews

Fake Infection Warnings Can Be Real Trouble

2009-05-14T22:10:00.001-04:00

Michael Vana knew something was up when he saw the pop-up from "Antivirus 2009" in the middle of his screen. The former Northwest Airlines avionics technician guessed that the dire warning of a system infection was fake, but when he clicked on the X to close the window, it expanded to fill his screen. To get rid of it, he had to shut down his PC.

Sound familiar? Dirty tricks like these, designed to get you to install and buy fake antivirus products, are more common than ever. (For advice on how to proceed if you've installed a phony antivirus on your PC, see "Antivirus 2009: How to Remove Fake AV Software.") But while you might recognize such warnings as bogus, you might not know that the fake warning could be a red alert about an underlying bot malware infection. Knowing the difference is key.

"It's not something you even blink at anymore," says Christopher Boyd, senior director of malware research for communications security company FaceTime Communications, of requests for help in dealing with these warning pop-ups.

The increased incidence of these pop-ups is due to more crooks going after easy money from shady affiliate programs, which pay a huge cut of the profits--up to 90 percent--for every person who mistakenly forks over money for a fake program, regardless of what induced them to pay. Often, the inducement comes from a malicious Web site that uses JavaScript tricks to toss up a bunch of pop-ups, or even resize the viewer's browser window, to create something that looks like a real antivirus scan.

You might reach such a site by using a bad search link, like the one Boyd clicked for a free online Batman game. He got redirected to a site that took over his browser to display a fake AV scan, which then found (fictitious) critical infections that could be fixed by purchasing the rogue antivirus program.

If a site merely hijacks your browser, you don't have to worry too much: The pop-ups or fake scanner windows don't cause lasting damage, Boyd says. You might be prevented from closing the window, as Michael Vana was, but you can usually bring up the Windows Task Manager with Ctrl-Alt-Delete and close your browser that way. Sometimes just hitting Alt-F4 will shut it down.

"To do this, [the fake site] uses real code, and doesn't generally exploit a hole," Boyd says. As long as you don't panic and install the pushed program, no real harm occurs.

Bot-Based Fake Antivirus

Unfortunately, the other way you might encounter a fake antivirus program is far worse.

Joe Stewart, a director of malware research with SecureWorks, a security services company for businesses, tracks bot malware for a living. Criminals use bot-infected computers, sometimes gathered into huge networks (called botnets) of a hundred thousand or more systems, to send spam across the globe. But they also use bots to download rogue antivirus programs and other malware onto a victim's PC.

"It's a proven way of monetizing a botnet," says Stewart. "Just about anybody with an already-deployed botnet is potentially looking at this as a way to make extra money."

According to Stewart, crooks make that money either by getting someone to download a supposed trial version of the rogue AV--co-opting a legitimate software sales technique--or by installing that software behind-the-scenes with a bot.

Once installed, the rogue typically uses highly aggravating techniques, such as changing the Windows desktop background to warn of a supposed infection and displaying constant other warnings, to push you to buy the full version of the software.

You might know not to download rogue AV in response to a spurious browser pop-up. But when instructed to download it by a malicious controller, a hidden bot will never give you the chance to apply your good sense.

If you follow basic security precautions, such as keeping your bona-fide antivirus software up-to-date and being careful with e-mail attachments and downloads, you can significantly reduce the odds of getting infected with a bot or other malware. But if you do see pop-ups or other fake warnings from rogue AV on your computer, it's a good idea to try to determine whether it's from a site or from actual software installed by a bot (or by someone else who uses the PC).

Possibilities Endless

There are many variations on the fake software scam, and crooks' tactics vary, so there is no universal indicator that one is present. But watch out for warnings that persist after you reboot your PC, especially if you see them before you open your browser. Seeing an unfamiliar warning icon in your system tray is another bad sign, particularly if you can't right-click it and make it go away. And if your desktop background has changed, you're definitely infected with the rogue antivirus, says Boyd.

As to the source of this garbage, here's a clue. One variety that Stewart examined, then called "Antivirus XP 2008," would first check the PC's system configuration to see whether it was located in a country with many ethnic Russians. It would also examine the user's Internet Explorer for visits to the Russian version of Google. If it encountered any such evidence, the installer would immediately quit without afflicting the potential victim. According to Stewart, that's "enough to pretty much guarantee that Russian-speaking users will not ever see an Antivirus XP 2008 install." But Internet users outside of the former Eastern Bloc had better watch out.

Source: Erik Larkin, PC World

Sort Outlook E-mails with SenderOK Plug-In

2009-04-20T18:51:00.002-04:00

Outlook users, have hope. SenderOK can help you dig your way out from your e-mail avalanche. This free add-in integrates directly into Outlook 2003 and 2007, and gives you a variety of tools for cutting through e-mail clutter. Spend just a little time with it, and you'll likely get a productivity boost.

When you first install SenderOK, it analyzes all of your sent and received e-mail. Based on the patterns of what it finds, it determines who are those most important people with whom you communicate, and what types of messages are most important to you. Based on that, it sorts incoming email into different folders depending on their level of importance: Routine, Important, and VIP. That way, you can see at a glance what e-mail you need to pay attention to. You can also give it specific instructions, such as to always put e-mail from your boss in the VIP folder. The program continues to learn from your behavior what is important and what isn't, so that the longer you use it, the more effective it becomes.

SenderOK does much more as well. It shows you a history of all of your e-mail exchanges--both by thread and by person--including attachments sent and received. It also alerts you to incoming mail, both with balloon tips, and with voice notification. You'll likely want to turn off the voice notification, because it quickly gets annoying. The voice itself is fine, but you use this add-in because your e-mail is already overwhelming.

Any Outlook users suffering from e-mail overload will want to give SenderOK a try--and that means most of us.

Source: Preston Gralla - PC World

Gmail offers 'undo' email option

2009-03-20T17:18:00.003-04:00

The folks at Gmail Labs obviously dedicate a healthy amount of brainpower to the prevention of regrettable emails sent through their service.

Custodial hearts at Google who've brought us Mail Goggles to stave off late-night drunken e-correspondence have now introduced an Undo Send option to their web-based email lineup.

Gmail's User Experience Designer Michael Leggett illustrates the team's M.O.:

"Sometimes I regret sending a message the morning after. Other times I send a message and then immediately notice a mistake. I forget to attach a file or email the birthday girl that I can't make her surprise party. I rush to close my browser or unplug the Internet - but Gmail almost always wins that race."

Enabling the Undo Send option gives the user a scant five seconds to let wiser heads prevail. The catch is that Undo Send doesn't kill an email that's already been sent, but instead just holds the message while the five-sec clock ticks down.

To this reporter, that doesn't sound like enough time to dismiss an ill-sent email - but Leggett claims that even just five seconds does the trick for him and already has saved him several times.

Undo Send was developed by Yuzo Fujishima, a Google engineer in the company's Tokyo office.

Gmail users can switch on Undo Send in Gmail Labs under settings. The rest is pretty easy - if you're quick:

1) Click 'enable' on GMail Labs tab in settings.

2) Author regrettable email message.

3) Realize you've made a big mistake within five seconds.

4) OH %&@# OH %&@# OH %&@# ...phew!

5) Atone for your wicked, wicked ways.

Follow this link to enable Gmail's five-second grace period. ®

Source: Austin Modine, The Register

Never Lose Your Cellphone Phonebook

2008-09-02T12:52:00.004-04:00

A new product by Spark Technology, called Cellstick, plugs in to your cellphone and backs up your phonebook contacts. According to the product description, Cellstick "works with virtually any cell phone. It'll let you backup, enter, edit and transfer your cell phone contacts. So no matter what happens to your cell phone, your phone book survives. "

The product received a positive review from Walt Mossberg at the Wall Street Journal. According to Mossberg, Cellstick is "A smart solution that really works, and it's about as easy to use as possible... CellStik is a fast and simple solution that could save users from the frustrating ordeal of losing a cellphone and every name and number on it."

For more information and to see if it supports your model of cell phone, visit the website at: http://www.sparktech.com/

Fake News Bulletin Email Spreads Malware

2008-08-31T15:25:00.003-04:00

Spammers and hackers have been sending out e-mail messages that look like they are coming from CNN or MSNBC as news alerts. It's easy to fall for this trick, especially if you actually have subscribed to receive news alerts via e-mail. The e-mails have included subject lines such as "CNN Alerts", "CNN.com Daily Top 10", and "Breaking News" with phony or legitimate news headlines.

According to PC World, one example includes a link that brings users to a fake CNN site, "where they are told they need to download an update to Flash Player, Adobe System Inc. 's popular Internet media player, to view a video clip from CNN."

"If users agreed to download the bogus Flash update, they were trapped in an endless loop, where clicking "Cancel" in the initial dialog produced a second pop-up. Clicking "Cancel" there returned the user to the first pop-up. The only options at that point were for users to shut down the browser or give in and install the malware."

"The bogus update -- named "adobe_flash.exe," ...is actually a Trojan horse identified by security vendors as "EncPk-DA" and "Exchanger.mn" among other names. The Trojan, in turn, "phones home" to a malicious server to grab and install more malware."

As a result of the rash of these fake e-mails, Adobe has issued the following warning: "Do not download Flash Player from a site other than Adobe.com," said David Lenoe, the company's product security program manager, in an entry on a company blog. "If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."

Source: PC World: Fake CNN Alert Still Spreading Malware , and Fake News Bulletin Spreads Malware

Easily Add Speech Bubbles to Your Photos

2008-08-21T17:14:00.004-04:00

Adding "speech bubbles" to digital photos used to involve learning how to use a sophisticated graphics program. But now there is a free service called Kyolo that makes it easy.

With Kyolo, all you do is upload the photo, add your choice of speech bubble shapes, enter the text you want for each bubble... and that's it. Once you are finished you can save or e-mail the updated photo.

click here to go the the site

Source: Download Squad

How to Block Cellphone Spam

2008-06-13T23:20:00.005-04:00

Are you receiving unsolicited text messages on your cellphone?

According to Wikipedia, this practice is described as ‘mobile spamming, SMS spam or SpaSMS, but is most frequently referred to as m-spam.’

Unlike regular e-mail spam, you have to pay for it - At least if you don't have an unlimited texting plan. Meanwhile, the spammers can send text messages from a computer’s e-mail program for free. Moreover, there are no anti-SMS spam programs you can install on your cellphone.

But according to AT&T, with a little-known cellular feature you can block cellular spam.

“Our customers can get onto our Web site,” he wrote, “and set their handset so that it receives no messages from the Internet, the origin of the vast majority of wireless spam.”

“Text messages sent from the Internet are addressed as follows: [Your 10-digit wireless number]@txt.att.net.

“What spammers try to do, of course, is attempt to guess your number, largely by trial and error. This brings me to the second capability we offer our customers. Let’s say you want to block spam, but still want to receive messages originating from the Net that you would actually find useful (airline schedules, hotel reservations, etc.). For this purpose, we let you replace your wireless number with an alias. It could be some quirky name, or whatever you like. [You share this address only with people you know.] This could disrupt the guessing game spammers play to try to discern your number and sent you their junk.

“Though not perfect, our efforts have helped keep spam in the category of minor, though annoying, phenomenon. Thanks for listening.”
The beauty of this feature, of course, is that it blocks ONLY text messages from the Internet. Your friends, using cellphones, can still text you.
As it turns out, Verizon Wireless offers these features, too. Sprint and T-Mobile don’t go quite as far, but they do offer some text-spam filtering options. Here’s how you find the controls for each company:

* AT&T: Log in at mymessages.wireless.att.com. Under Preferences, you’ll see the text-blocking and alias options. Here’s also where you can block messages from specific e-mail addresses or Web sites.

* Verizon Wireless: Log in at vtext.com. Under Text Messaging, click Preferences. Click Text Blocking. You’re offered choices to block text messages from e-mail or from the Web. Here again, you can block specific addresses or Web sites. (Here’s where you set up your aliases, too.)

* Sprint: No auto-blocking is available at all, but you can block specific phone numbers and addresses. To get started, log in at www.sprint.com. On the top navigation bar, click My Online Tools. Under Communication Tools, click Text Messaging. On the Compose a Text Message page, under Text Messaging Options, click Settings & Preferences. In the text box, you can enter a phone number, email address or domain (such as Comcast.net) that you want to block.

* T-Mobile: T-Mobile doesn’t yet offer a “block text messages from the Internet” option. You can block all messages sent by e-mail, though, or permit only messages sent to your phone’s e-mail address or alias, or create filters that block text messages containing certain phrases. It’s all waiting when you log into www.t-mobile.com and click Communication Tools.

Source: NY Times, David Pogue